VPN when Traveling?

Recently I've been reading and researching more about being "wide-open" while traveling especially when I connect to hotel hot spots etc.

Does anyone use VPN or something else (I used to just use a SOCKS proxy through my home media server + firefox, but has since decided to get a real VPN.) and why?

Also if you do use openVPN ... what type of encryption are you using ... why? The default version of my VPN uses the following: Blowfish/SHA1/RSA2048. Which from my research is a good mix of speed/encryption.

I typically don't use one. I tend to believe that my home ISP or other VPN end host is no less vulnerable than a hotel network, etc. Either way, my computer is out there on the big wild Internet.

If I use a VPN, it's usually to work around annoying filters on the local network - the main point is encapsulation, not confidentiality of the data.

Click to expand...

My concern with the Hotel Wifi/Starbucks is since there isn't a key to login/encrypt the data, you just need to be a guest to be let on. Thus theoretically a packet sniffer = all your data potentially being read.

Encrypted wifi only protects you from those within a few hundred feet (e.g. other guests/diners). It offers no help v. anyone collecting data anywhere else along the much longer remainder of the path between you and whatever you're looking at (e.g. the hotel/restaurant, their ISP, their upstream ISP, etc.). And I don't consider that local threat to be very interesting - I'm more likely to suffer ill effects from someone running a wholesale data collection operation on a larger swath of the net than from someone who has limited his scope of operations to a 100' circle. Encountering latter would require either very bad luck or someone specifically targeting me.

A VPN might protect me from those within 100', but unless I'm doing end-to-end crypto to whatever I'm looking at, my unencrypted traffic is still popping out somewhere on the net, just as exposed to the wholesale collectors as at would be without the VPN. All the VPN does it shift the starting point - it doesn't really reduce the attack surface in any meaningful way.

Encrypted wifi only protects you from those within a few hundred feet (e.g. other guests/diners). It offers no help v. anyone collecting data anywhere else along the much longer remainder of the path between you and whatever you're looking at (e.g. the hotel/restaurant, their ISP, their upstream ISP, etc.). And I don't consider that local threat to be very interesting - I'm more likely to suffer ill effects from someone running a wholesale data collection operation on a larger swath of the net than from someone who has limited his scope of operations to a 100' circle. Encountering latter would require either very bad luck or someone specifically targeting me.

A VPN might protect me from those within 100', but unless I'm doing end-to-end crypto to whatever I'm looking at, my unencrypted traffic is still popping out somewhere on the net, just as exposed to the wholesale collectors as at would be without the VPN. All the VPN does it shift the starting point - it doesn't really reduce the attack surface in any meaningful way.

A VPN might protect me from those within 100', but unless I'm doing end-to-end crypto to whatever I'm looking at, my unencrypted traffic is still popping out somewhere on the net, just as exposed to the wholesale collectors as at would be without the VPN. All the VPN does it shift the starting point - it doesn't really reduce the attack surface in any meaningful way.

Click to expand...

All depends what you are doing. Places like hotels and airports are notorious for hackers sniffing open hotspots. If you're using encrypted connections for everything such as email, Facebook, Open Table and such then it may not matter. But many people are very, very vulnerable. And many people use similar passwords across multiple services so, for example, someone's Yelp (or whatever) password might be similar or even identical to their banking password. All some crooks need is one password sent in the open and they often can gather a lot more. Even data you wouldn't think about often are sent unprotected: does a web site ever as your age or zip code? Visit a few sites, search around a bit and people can end up knowing LOT about you.

I always use a VPN when I'm on an open network. Or I try, anyhow. Lots of the VPN providers are blocked, especially in other countries. I use a lesser known one but I still find them blocked sometimes. I was even blocked in Disney World for an "attempt to circumvent family friendly controls" or something like that. In other words, if I'm using a VPN, to them the only reason MUST be because I want to view porn or watch a movie I don't have rights to watch or something similar. Never mind that my employer (or just plain common sense) requires it. Apparently they have since reversed that policy.

My concern with the Hotel Wifi/Starbucks is since there isn't a key to login/encrypt the data, you just need to be a guest to be let on. Thus theoretically a packet sniffer = all your data potentially being read.

Click to expand...

Anything important is in a SSL tunnel to the server anyways. Everything else I'm not too worried about.

I believe that a true VPN obscures both the starting point and destination.

Click to expand...

Obscures how and to whom?

A VPN creates a tunnel between your computer and the endpoint through which the traffic is encrypted, generally using the same or very similar technology as what you would get through accessing a server via a SSL connection (i.e. https:// instead of http://). But once it gets to the VPN endpoint it still has to go from there to the server you're trying to access. And that part of the connection would be in plain text.

If you have traffic you want protected (e.g. banking, email, etc.) then using https:// should be sufficient to keep that data private. Someone sniffing the traffic may see that you're connected to mail.google.com but they're not going to get much beyond that.

Technically a VPN makes whoever is looking at your traffic seem to just goto your VPN server correct. So in theory if someone was looking into you they wouldn't know you were going to your email, bank etc. All traffic is going to and from your vpn which is encrypted.

From the VPN the traffic is public to a degree... If not encrypted by SSL/TLS. But nobody will know who actually is accessing the sites because the original request appears to he coming from the VPN and not your true Ip.

Technically a VPN makes whoever is looking at your traffic seem to just goto your VPN server correct. So in theory if someone was looking into you they wouldn't know you were going to your email, bank etc. All traffic is going to and from your vpn which is encrypted.

From the VPN the traffic is public to a degree... If not encrypted by SSL/TLS. But nobody will know who actually is accessing the sites because the original request appears to he coming from the VPN and not your true Ip.

Correct me if I'm wrong please b

Click to expand...

It depends on how many other users are also using that VPN end host. The more users, the more anonymity you have.

It might help to be clear about the risk you're worrying about. I'm seeing references in this thread to credential (password) loss/theft/access. End-to-end crypto is the only great solution to that. In this post, though, you seems to be concerned about anonymity (from whom? the sites you're going to?). If so, you'll probably be more interested in Tor than a VPN.

It depends on how many other users are also using that VPN end host. The more users, the bigger the more anonymity you have.

It might help to be clear about the risk you're worrying about. I'm seeing references in this thread to credential (password) loss/theft/access. End-to-end crypto is the only great solution to that. In this post, though, you seems to be concerned about anonymity (from whom? the sites you're going to?). If so, you'll probably be more interested in Tor than a VPN.

Click to expand...

Tor is still vulnerable unless you trust all the exit nodes. And if you're going to use that for facebook or whatever, they already know who you are... it's pseudo-anonimity by obfuscating the connection, but it depends on what you want to do in the end.

If I travel I always use a VPN on the hotel network, and my own hardware, and SSL everywhere. If I have to do something more nefarious then I'll fire up Tails from a USB drive and do what I have to do from a disposable session.

It might help to be clear about the risk you're worrying about. I'm seeing references in this thread to credential (password) loss/theft/access. End-to-end crypto is the only great solution to that. In this post, though, you seems to be concerned about anonymity (from whom? the sites you're going to?).

Click to expand...

Mainly its online security. Partly is online anonymity. I guess the more I read and hear things about snowden I guess part of me just wants to not be part of the giant fishnet (aka NSA) however my first concern has been security. I already use HTTPS everywhere extension on my browser to try to get a SSL session as much as possible. But with sites that don't have SSL a VPN will at least encrypt that data going to and from. Also anonymity is partly related to security because like someone mentioned upstream, if your data is unencrypted and potentially sniffed ... They might be able to gather information regarding you and maybe eventually get something of use from the unencrypted traffic.

That's one of the things about using a VPN... for personal, mundane stuff it's pretty much useless by itself, and your data is out in the open after it leaves the tunnel. If you're using it to check webmail or Facebook, chances are you have a lot more privacy concerns than the hotel WiFi snooping on your connection.

Using some commercial VPN software to tunnel through to a South American server or something does not make the hotel WiFi any more secure, but a lot of people don't know this because they don't understand how the technology works.

That's one of the things about using a VPN... for personal, mundane stuff it's pretty much useless by itself, and your data is out in the open after it leaves the tunnel. If you're using it to check webmail or Facebook, chances are you have a lot more privacy concerns than the hotel WiFi snooping on your connection.

Using some commercial VPN software to tunnel through to a South American server or something does not make the hotel WiFi any more secure, but a lot of people don't know this because they don't understand how the technology works.

Click to expand...

Exactly, you'd be trusting whoever is running the commercial VPN servers...which most likely you don't even know the operator personally.

“Our intention was never to launch a website, our intention was to build a global brand for frequent flyers.”

content + community + technology + social

InsideFlyer was created by travelers, for travelers. Here you can discover and share your experiences related to travel and frequent flyer programs with business travelers, leisure travelers, infrequent flyers and road warriors alike.

InsideFlyer is a privately funded venture based in Colorado Springs, CO (affectionally—the House of Miles). We’re a small diverse group of experienced frequent flyer experts, travel community builders, technologists, and friends of the flyer who want to help you learn to be an expert traveler. We believe that learning about frequent flyer miles should be as fun as travel itself.